Exploring Wireless Network Technologies and Applications

cryptography and security services mechanisms n.w
1 / 40
Embed
Share

Discover the diverse landscape of wireless networking, from Low-Rate Wireless Personal Area Networks to WiMAX. Learn about different types of wireless networks, their coverage, data rates, and applications. Explore the capabilities of WiMAX in expanding broadband services and enabling connectivity in various environments, from rural areas to emerging markets.

  • Wireless Networks
  • WiMAX
  • Wireless Technology
  • Networking Applications
  • Data Rates
rayaanacharya
wwolt Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Cryptography and Security Services: Mechanisms and Applications Session 11 Session 11 Wireless Security Manuel Mogollon m_mogollon@verizon.net M. Mogollon 0

  2. Session 12 Contents Types of Wireless Networks Wireless Metropolitan Area Networks (WMAN) - WiMax Wireless Local Area Networks (WLAN) / Wi-Fi Wireless Personal Area Network (WPAN) Bluetooth Low-Rate Wireless Personal Area Network (LR-WPAN) Zigbee Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 1

  3. The Wireless Landscape Low-Rate Wireless Personal Area Network (LR-WPAN) General-purpose, inexpensive, self-organizing mesh network. Low data rates and low power consumption; a year or two with a single alkaline battery. Wireless Wide Area Network (WWAN) Metro/Geographical area Always On Services Ubiquitous public connectivity with private virtual networks Wireless Personal Area Network (WPLAN) Small form factor, low-cost, short range, low power, radio technology. Developed to link portable devices without cables. Non-licensed spectrum Vehicle Campus Outside CDMA2000 1XRT Level of Mobility Wireless Local Area Nework (WLAN), and Wireless Metropolitan Area Network (WMAN), Public or Private Site or Campus Enterprise. Non-licensed spectrum Walk 3XRT CDMA2000 4G Fixed 802.11n (MIMO) Walk Campus WIMAX (MIMO) Within Fixed/ Desktop Bluetooth Zigbee LAN 0.1 2 54 78 200 1000 Mbps 0.25 Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 2

  4. Wireless Networks Network Standard Range Data Rate WMAN (Wireless Metropolitan Area Network) - WIMAX IEEE 802.16I Approximately 30 miles radius 78 Mbps WLAN (Wireless Local Area Network) WiFi EEE 802.11 Approximately 300 feet radius 54 Mbps WPAN (Wireless Personnal Area Network) Bluetooth IEEE 802.15 Approximately 30 feet radius 1, 2, or 3 Mbps LR-WPAN (Low-Rate Wireless Personal Area Networks) Zigbee IEEE 802.15.4 Approximately 150 feet radius 250 Kbps Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 3

  5. WIMAX WIMAX is very similar to a Wi-Fi but it operates at higher speeds, over greater distances, and for a greater number of users. From the point of view of the infrastructure, a WiMAX network is similar to a cellular network. A based station covers a very large area and can simultaneously operate as a subscriber station and as a base station in a full mesh network using a line-of-sight link. A subscriber station, which could be a small WIMAX receiver box, or a mobile station. WIMAX operates in two primary bands, the 10-66 GHz band used where line-of sight is necessary, and the licensed and un-licensed frequencies of 2 11 GHz for those physical environments where line-of-sight is not necessary. WIMAX also supports subscriber stations moving at vehicular speeds. The spectrum at 2.5 GHz and below (2.5 GHz, 1.5GHz, 700MHz, etc.) is used because it has better characteristics for full mobility deployment. WIMAX throughput is around 38 Mbit/sec when using orthogonal frequency division multiplexing (OFDM), and 78 Mbit/sec when OFDM is combined with multiple-input multiple-output (MIMO) antenna processing technology. WiMAX expands the availability of broadband service to residences, businesses and other locations with a high cost of wire deployment. Low-density rural locations in developed countries Emerging markets where user connectivity is sporadic. Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 4

  6. WIMAX Network Subscriber Station Subscriber Station Line of sight, 10 66 GHz band, 38 to 78 Mbit/sec Fiber Optics Base Station 2 Base Station 1 Subscriber Station Subscriber Station Carrier Base Station 1 is acting as client to Base Station 2 Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 5

  7. WIMAX Security WIMAX provides subscribers with privacy, authentication, and confidentiality across the broadband wireless network. WIMAX security has three component protocols as follows: Secure encapsulation of the data exchanged. Authentication for the subscriber station (SS) to obtain authorization and traffic keying material from the base station (BS); also supports periodic reauthorization and key refresh. A privacy key management protocol (PKM) to provide the secure distribution of keying data from the BS to the SS. Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 6

  8. WIMAX Key Generation The Privacy Key Management authentication protocol establishes a shared secret key, called an Authorization Key (AK), between the SS and the BS. Either RSA or EAP methods are used to generate the AK (Slide 8) The Authorization Key is then used, by both the BS and the SS, to generate MAC Keys, HMAC Keys and Key Encrypting Keys (KEK). (Slide 9). The KEK is used to encrypt keys for transport from the BS to the SS. The BS randomly generates the Traffic Encryption Key (TEK), enciphers it using KEK, and sends it to the SS in the TEK exchange. KEK and TEK have 128-bit lengths. The TEK-128 is encrypted with AES Key Wrap. (Slide 10). Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 7

  9. WIMAX Key Generation MSK -512-bit Primary Authorization Key transferred to SS by EAP method during the authentication exchange Pre-PAK 256-bit Primary Authorization Key transferred from BS to SS using RSA during the authorization process MSK Pre-PAK Dot16KDF Truncate (MSK, 160) (pre-PAK, SS MAC Address|BSID| EIK+PAK, 320) PAK (160 bits) EIK (160 bits) PAK (160 bits) Optional EIK PMK EIK PAK Dot16KDF Dot16KDF (PAK, SS MAC Address|BSID| AK, 160) (PMK, SS MAC Address|BSID| AK, 160) AK AK PAK = Primary Authorization Key EIK = EAP Integrity Key AK = Authorization Key MSK = Master Session Key PMK = Pairwise Master Key AK = Authorization Key Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 8

  10. WIMAX Key Hierarchy AK 160-bit Authentication Key (AK) context MAC Mode CMAC HMAC Dot16KDF Dot16KDF (AK, SS MAC Address|BSID| CMAC_KEYS+KEK, 384) (AK, SS MAC Address|BSID| HMAC_KEYS+KEK, 448) KEK KEK CMAC_KEY_U (128 bits) CMAC_KEY_D (128 bits) HMAC_KEY_U (160 bits) HMAC_KEY_D (160 bits) (64 or 128 bits) (128 bits) CMAC_KEY_U CMAC_KEY_D KEK HMAC_KEY_U HMAC_KEY_D KEK MAC = Message Authentication Code CMAC_KEY_U = Uplink CMAC Key CMAC_KEY_D = Downlink CMAC Key KEK = Key Encrypting Key CMAC = Cipher MAC (MAC based on block cipher) HMAC_KEY_U = Uplink HMAC Key HMAC_KEY_D = Downlink HMAC Key KEK = Key Encrypting Key Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 9

  11. WIMAX TEK and Group Keys Derived by the BS KEK Encryption RNG TEK Send to SS KEK Encryption RNG Send to SS GKEK GKEK Encryption RNG Send to SS GTEK RNG = Random Number Generator TEK = Traffic Encrypting Key (64 or 128 bits) GKEK = Group Key Encryption Key GTEK = Group Traffic Encrypting Key Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 10

  12. Security Associations Security associations in WIMAX are used in the same way and have the same meaning as the security associations used in IPSec, as well as the security capabilities used in TLS and SSL. A Security Association (SA) associates the security parameters with the traffic to be protected. Once the SA for a specific connection is defined, it is assigned an identifier, the Security Association ID (SAID). When a connection is established between a BS and an SS, the two need to agree on, among other things, the following: The encryption and authentication algorithms. The crypto keys, the key sizes, and key lifetimes. How to exchange keys, the initialization values, and other related security parameters. Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 11

  13. WIMAX Authorization and AK Exchange Base Station Subscriber Station Authentication Information The authentication information message is strictly informative. It contains the SS X.509 certificate. Authorization Request SS X.509 certificate. List of crypto suites (security associations IDs) supported by the SS. SS Connection Identifier (CID). Authorization Replay A pre-PAK or MSK encrypted with the SS public key. A 4-bit sequence number used to distinguish successive generations of Pre-PAK or MSK. A key lifetime. The SAID used by the SS to obtain keying information. Creating the PAK or PMK and AK) SS and BS create the PAK or PMK, and from the PAK or PMK derive the 160-bit AK. Authentication Key Authentication Key Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 12

  14. WIMAX Re-Authentication & TEK Exchange Base Station Subscriber Station Creating CMAC or HMAC and KEK SS and BS create CMAC or HMAC and KEK Re-Authentication The SS sends re-authentication request signed by HMAC or CMAC. Key Request SS requests a TEK. Key Replay The BS generates TEK as a random number and enciphers it using a wrapping algorithm keyed with the KEK. The BS sends the encrypted TEK to SS. SS deciphers the encrypted TEK using the wrapping algorithm keyed with KEK. BS and SS are ready to send encrypted information using the data encryption algorithm specified in the cipher suite keyed with TEK. Exchanged ciphertext messages are authenticated using HMAC or CMAC. Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 13

  15. WIMAX Cryptographic Suites Value Data Encryption Data Authentication TEK Exchange 0x000001 No data encryption No data authentication 3-DES, 128 0x010001 CBC-Mode 56-bit DES No data authentication 3-DES, 128 0x000002 No data encryption No data authentication RSA, 1024 0x010002 CBC-Mode 56-bit DES No data authentication RSA, 1024 0x020103 CCM-Mode 128-bit AES CCM-Mode, 128-bit ECB mode AES with 128-bit key 0x020104 CCM-Mode 128bits AES CCM-Mode AES Key Wrap with 128-bit key 0x030003 CBC-Mode 128-bit AES No data authentication ECB mode AES with 128-bit key 0x800003 MBS CTR Mode 128 bits AES No data authentication AES ECB mode with 128-bit key 0x800004 MBS CTR mode 128 bits AES No data authentication AES Key Wrap with 128-bit key All remaining values Reserved Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 14

  16. WIMAX AES Residual Termination Block Processing Pn Cn Pn-1 Cn-1 C + + cn-2 EK DK EK DK b bits + + a bits Cn cn-2 (b a) bits Pn-1 Cn-1 Pn Cn C Pn = Last plaintext block Cn = Last ciphertext block EK = Encryption with key K b = Block size = Padded bits Pn-1 = Next to last plaintext block Cn-1 = Next to last ciphertext block DK = Decryption with key K a = Number of bits in Pn C = Ciphertext of Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 15

  17. Wireless LAN (WLAN) - WiFi WLAN Security Switch Subnet B Subnet A Roam From One to the other PDA Terminal PDA WLAN Mobile Adaptor WLAN Mobile Adaptor Terminal Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 16

  18. IEEE 802.11 Standards IEEE 802.11 The original 1 Mbit/s and 2 Mbit/s, 2.4 GHz RF and IR standard (1999) IEEE 802.11a 54 Mbit/s, 5 GHz standard (2001) IEEE 802.11b Enhancements to 802.11 to support 5.5 and 11 Mbit/s (1999) IEEE 802.11c Bridge operation procedures; included in the IEEE 802.1D standard (2001) IEEE 802.11d International (country-to-country) roaming extensions (2001) IEEE 802.11e Enhancements: QoS, including packet bursting (2005) IEEE 802.11g 54 Mbit/s, 2.4 GHz standard (backwards compatible with b) (2003) IEEE 802.11h Spectrum Managed 802.11a (5 GHz) for European compatibility (2004) IEEE 802.11i Enhanced security (2004) IEEE 802.11n 802.11n builds upon previous 802.11 standards by adding MIMO (multiple-input multiple- output) and orthogonal frequency-division multiplexing (OFDM). MIMO uses multiple transmitter and receiver antennas to allow for increased data throughput. IEEE 802.11p WAVE - Wireless Access for the Vehicular Environment (such as ambulances and passenger cars) IEEE 802.11s ESS Mesh Networking Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 17

  19. IEEE 802.11 Security Services Authentication Open System Shared Key Confidentiality WEP Access control in conjunction with layer management. Secure Roaming Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 18

  20. WEP Encapsulation Secret Key (40, 104, 128) RC4 || Initialization Vector (IV) 802.11 Frame Keystream Header Payload + Encrypted Payload ICV || CRC-32 Integrity Check Value (ICV) Header IV Key Number Encrypted Payload ICV WEP Frame Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 19

  21. IEEE 802.11i Several reports were written revealing 802.11 security weaknesses. In June 2004, the IEEE Standards Association approved the IEEE 802.11i a security enhancement amendment to the original IEEE 802.11 specification. The IEEE 802.11i amendment added stronger encryption, authentication, and key management strategies for wireless data and system security. The amendment proposed two new data-confidentiality upgrades: An interim software upgrade solution that didn t need hardware upgrades The Temporal Key Integrity Protocol (TKIP) A final solution with different hardware and, therefore, not compatible with the previous version of WEP. CTR [counter mode] with CBC-MAC [cipherblock chaining (CBC) with a message authentication code (MAC)] Protocol (CCMP), and IEEE 802.1X's to control access to the network. The 802.11i amendment also provided improvement for the following security issues: Key management Data origin authenticity Replay detection Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 20

  22. 802.11 Security Framework RADIUS Servers Cisco ACS, Microsoft IAS, FreeRADIUS, Juniper SBR Username/ Password User Credentials Certificates Either Either Either Plus others such as EAP-SIM, EAP-FAST and LEAP Authentication EAP-TLS PEAP EAP-MD5 EAP-TTLS EAP Implementations EAP WI-FI Alliance Modes: Enterprise PSK Personal WPA2 released: 09/2004 802.11i ratified: 06/2004 WPA released: 04/2003 802.11 ratified: 06/1997 Port Control 802.1X 802.1X 802.1X Encryption & WPA2 cipher suite is indicated in the Robust Security Network (RSN) Information Element. Integrity Algorithm MIC Integrity CCMP Encryption Algorithm WEP TKIP Also, supported by WPA but not certified in, as CCMP(AES). Hence some vendors implement WPA with AES. Encryption Cipher RC4 RC4 AES IEEE 802.11 802.11i (RSN) 802.11i (RSN) WI-FI Alliance WPA/WPA2 WPA2 Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 21

  23. TKIP Encapsulation TA TK WEP Seed IV Phase 1 Key Mixing TTAK Phase 2 Key Mixing TSC RC4 Key Ciphertext MPDU RC4 (128 bits) DA + SA + Priority + Plaintext MSDU Data Fragment(s) (if necessary) Michael MIC Key Plaintext MSDU + MIC TA = Transmitter Address TSC = TKIP Sequence Counter MIC = Message Integrity Code DA = Destination Address TK = Temporary Key SA = Source Address Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 22

  24. CBC MAC Authentication Formatting Encoding Function Input Data (N, A, P) Output Data (B0, B1, B2, , Br) B1 B0 Br + + + Input Block 1 Input Block 2 Input Block r CIPHK CIPHK CIPHK Output Block 1 Output Block 2 Output Block r Yr = CIPHK(Yr -1XOR Br) T = MSBTlen(Yr) Y0 = CIPHK(B0) Y1 = CIPHK(Y0XOR B1) r Yr MSBs(X) = The bit string consisting of the s left-most bits of the bit string X. T = The MAC that is generated as an internal variable in the CCM processes. Tlen = The bit length of the MAC. = The number of blocks in the formatted input data (N, A, P). = The CBC-MAC result Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 23

  25. Counter (CTR) Mode Encryption Flag, N, Counter 2 Flag, N, Counter m Flag, N, Counter 1 Ctr0 Ctr1 Ctrm Encrypt Input Block 1 Input Block 2 Input Block m CIPHK CIPHK CIPHK Output Block 1 Output Block 2 Output Block m S0= CIPHK(Ctr0). S1 = CIPHK(Ctr1). Sm = CIPHK(Ctrm). S = S1 || S2|| .|| Sm S MSB Plen T MSB 0 S = ( )) C P ( ( )) || Tlen Confidentiality Authentication m Plen MSBs(X) = The bit string consisting of the s left-most bits of the bit string X. T = The MAC that is generated as an internal variable in the CCM processes. Tlen = The bit length of the MAC. = The number of blocks in the formatted payload, equal to Plen/128. = The bit length of the payload. Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 24

  26. IEEE 802.1X EAP Authentication Supplicant (Station) Authenticator (Access Point) Authentication Server (Radius) 802.1X EAP Start 802.1X EAP Request 802.1X EAP Response Access Request (EAP Request) EAP Authentication Access Protocol (Exchange PMK) Accept / EAP Success / Key Material (PMK) 802.1X EAP Success At this moment the 802.1X Controlled Port is still blocked to the station Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 25

  27. 4-Way Handshake Supplicant (Peer, Client) Authenticator (Access Point) PMK is known- generate SNonce PMK is known- generate ANonce Message 1 EAPOL Key (ANonce, Unicast) Derive PTK Message 2 EAPOL Key (SNonce, Unicast, MIC) Derive PTK. If needed, generate GTK. Message 3 EAPOL Key (Install PTK, Unicast, MIC, Encrypted GTK) Message 4 EAPOL Key (Unicast, MIC) Install PTK and GTK Install PTK Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 26

  28. Pairwise and Group Key Hierarchy Pairwise Master Key (PMK) PRF- X(PMK, Pairwise key expansion, AA, SPA, ANonce, SNonce) Pairwise Transient Key (PTK) TKIP 512 bits CCM 384 bits EAPOL-Key Key Confirmation Key (KCK) L(PTK 0-127) Temporal Key TKIP L(PTK 256-511) CCMP L(PTK 256-383 EAPOL-Key Key Encryption Key (KEK) L(PTK 128-255) AA = Authenticator Address SPA = Supplicant Address ANonce = Authenticator s Nonce SNonce = Supplicant s Nonce GNonce = Group s Nonce Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 27

  29. Pairwise and Group Key Hierarchy Group Master Key (GMK) PRF- X(GMK, Group key expansion , AA || GNonce) Group Temporal Key (GTK) (X bits) Temporal Key TKIP L(PTK 0-255) CCMP L(PTK 0-127 AA = Authenticator Address SPA = Supplicant Address ANonce = Authenticator s Nonce SNonce = Supplicant s Nonce GNonce = Group s Nonce Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 28

  30. Securing WLAN Use Wireless Security Switches Use Strong Encryption Turn Off SSID Broadcasting Change the Default Administrative Password and SSID Turn Off the System Use MAC Filtering Control the Wireless Signal Output Use VPN Use WLAN Audits Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 29

  31. Bluetooth Conceived as a low-cost, low-profile, low-power, short-range radio technology, open standard. Designed to create small wireless networks for interconnecting devices such as wireless headsets, printers, keyboards, and mice. Used to enhance wireless connectivity by connecting almost any device to any other device. Works as an ad-hoc network, typically created on a temporary and random basis. Consists of up to eight Bluetooth devices in a network, called a piconet, working in a master-slave relationship, with one device designated as master and the rest as slaves. Employs a dynamic topology in which the master controls and reconfigures the changing network topologies. Creates a chain of piconets, referred to as a scatter-net, in which a slave from one piconet acts as the master of another piconet. Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 30

  32. Bluetooth Frequency and Power Operation Bluetooth operates in the 2.4 GHz industrial, scientific, and medical (ISM) non-license spectrum. The system uses frequency-hopping, spread spectrum (FHSS) transmission. Devices in a piconet use a specific hopping pattern of 79 frequencies in the ISM band that changes frequency about 1,600 times per second. The master device controls and sets up the network s pseudo-random, frequency-hopping sequence, and the slaves synchronize to the master. Power Class Max Output Power Min Output Power Range 1 100 mW 1 mW Up to 300 feet 2 2.5 mW 1 mW Up to 30 feet 3 1 mW N/A Less than 30 feet Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 31

  33. Bluetooth Security Provides confidentiality and authentication for peer-to-peer communications over short distances. Four variables are used for security: Bluetooth device address Two secret keys A pseudo-random number that is regenerated for each new transaction. Variable Bit Length Bluetooth device address 48 bits Private user key (Link Key), authentication 128 bits Private user key, encryption configurable length (byte-wise) 8 128 bits Random number 128 bits Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 32

  34. Bluetooth Key Generation Bluetooth Device 1 Bluetooth Device 2 BD_ADDR, PIN, PIN length, IN_RAND BD_ADDR, PIN, PIN length, IN_RAND Key Generator Function E2 Key Generator Function E2 BD_ADDR, RAND BD_ADDR, RAND Kinit Kinit Key Generator Function E2 Key Generator Function E2 + + KA CA KB CB = K C K = K C K B B init A A init EN_RAND, COF, Link Key (KAB) EN_RAND, COF, Link Key (KAB) = K K K = K K K AB A B AB A B KAB = Link Key KC= Encryption Key Key Generator Function E3 Key Generator Function E3 KC KC Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 33

  35. Bluetooth Authentication Bluetooth Device 1 (Claimant) Bluetooth Device 2 (Verifier) Random Number Generator (RNG) BD_ADDR Address AU_RAND E1 Encryption Algorithm E1 Encryption Algorithm Link Key (Kab) Link Key (Kab) 96 bits 32 bits 32 bits 96 bits SRES ACO ACO SRES No Abort Same? Connection ACO Link Key AU_RAND = Authentication Random Number (128 bits) BD_ADDR = Bluetooth Device 1 (Claimant) Address (48 bits) = Authentication Ciphering Offset = Link Key (128 bits) Yes Allow Connection Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 34

  36. Bluetooth Encryption Bluetooth Device A (Master) Bluetooth Device B (Slave) Random Number Generator (RNG) COF COF EN_RANDA Link Key Link Key Key Generator Function (E3) Key Generator Function (E3) BD_ADDRA 111001 ClockA ClockA 111001 KC KC (128 bits) (128 bits) Key Reduction Expansion Function Key Reduction Expansion Function K C K C E0 Encryption Algorithm E0 Encryption Algorithm (128 bits) (128 bits) Ciphertext (Packet) + + Plaintext (Packet) Plaintext (Packet) ClockA EN_RAND = Encryption Random Number (128 bits) BD_ADDR = Bluetooth Device A (Master) Address (48 bits) K C = Encryption Key (128 bits) Constant = 111000 (6 bits) = Master Real-Time Clock (26 bits) Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 35

  37. Bluetooth Encryption Engine Summation Combiner Logic LFSR1 x1t Initial Value LFSR2 x2t LFSR3 x3t XOR Encryption Stream Zt (1 bit) LFSR4 x4t c0t Blend Z-1 1bit 2 bit T1 Ct Z-1 T2 x1t Ct + 1 2 bits 2 bits x2t XOR 2 bits + x3t 2 bits St + 1 3 bits + x4t /2 2 bits 3 bits Yt Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 36

  38. Bluetooth Encryption Engine Initialization + + +20 12 8 ADR[2] CL[1] K C[12] K C[8] K C[4] K C[0] CL24 25 + 24 X2t + + +24 12 16 ADR[3] ADR[0] K C[13] K C[9] K C[5] K C[1] CL[0]L 001 25 - 31 + 24 X3t + + +28 4 24 ADR[4] CL[2] K C[14] K C[10] K C[6] K C[2] CL25 33 + 31 X4t + +28 + 4 36 ADR[5] ADR[1] K C[15] K C[11] K C[7] K C[3] CL[0]u 111 33 - 39 + 31 X1t CL[0]L = CL3 CL2 CL1 CL0 (4 bits) CL[0]u = CL7 CL6 CL5 CL4 (4 bits) ADR[n], CL[n], K c[n] have 8 bits CLn has 1 bit Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 37

  39. Bluetooth Encryption Engine Run-up + + +20 Z[12]0 12 8 Z[0] Z[4] Z[8] + 24 X2t + + +24 12 16 Z[9] Z[12]7- 1 Z[1] Z[5] + 24 X3t + + +28 4 24 Z[15]0 Z[2] Z[6] Z[10] Z[13] + 31 X4t + +28 + 4 36 Z[3] Z[7] Z[11] Z[14] Z[15] 7 - 1 + 31 X1t Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 38

  40. To Probe Further Bluetooth Special Interest Group (SIG) 2004, Specification of the Bluetooth System V2. Retrieved on December 19, 2005, from https://www.bluetooth.org/spec/ Dworkin, M (December 2001). Recommendation for Block Cipher Modes of Operation Methods and Techniques. NIST Special Publication 800-38A. Natl. Inst. Stand. Technol. Retrieved December 19, 2005, from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf Dworkin, M (May 2005). Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. NIST Special Publication 800-38B. Natl. Inst. Stand. Technol. Retrieved December 21, 2005, from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf Dworkin, M (May 2004). Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. NIST Special Publication 800-38C. Natl. Inst. Stand. Technol. Retrieved December 21, 2005, from http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf Fluher, S., Mantin, I., and Shamir, A. (2001). Weaknesses in the Key Scheduling Algorithm of RC4. 8th Annual Workshop Selected areas in Cryptography. August 2001. IEEE Std 802.16e 2005, Part 16: Air Interface for Fixed and Mobile Broadband Wireless Access Systems. IEEE Std 802.15.1 2005, Part 15.1: Wireless medium access control (MAC) and physical layer (PHY) specifications for wireless personal area networks (WPANs). IEEE Std 802.11i 2004, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications Amendment 6: Medium Access Control (MAC) Security Enhancements. Karygiannis, T, Owens L. (2002). Wireless Network Security, 802.11. Bluetooth and Handheld Devices. NIST Special Publication. Downloaded on November 15, 2004, from http://csrc.nist.gov/publications/nistpubs/800- 48/NIST_SP_800-48.pdf Shinder, D. (2005). 10 Ways to Wireless Security. Tech Republic. Retrieved October 10, 2005, from http://insight.zdnet.co.uk Wi-Fi Security Addressing Concerns. Hewlett Packer. Downloaded on October 10, 2003 from http://h50012.www5.hp.com/createuse/learning/ITguide_planning.asp Wi-Fi Bluetooth Wireless WIMAX M. Mogollon 39

Related


Locksmith in Ireland

Locksmith in Ireland

Tejaswini
Enhance Your Wireless Range: 192.168.188.1 Wireless Extender Setup with Top Apps

Enhance Your Wireless Range: 192.168.188.1 Wireless Extender Setup with Top Apps

Jonty1
Scrolls:Rolling Flexible Surfaces for Wideband Wireless

Scrolls:Rolling Flexible Surfaces for Wideband Wireless

prudence
Wireless Communication Networks by Dr. K. Gopi at SITAMS

Wireless Communication Networks by Dr. K. Gopi at SITAMS

thelonious
Rate Optimization in Wideband RIS-assisted Wireless Systems

Rate Optimization in Wideband RIS-assisted Wireless Systems

llewellyn
Wireless Security Audits and Best Practices

Wireless Security Audits and Best Practices

muriel
Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

quer_sna
Salinity in Seawater: Density, Composition, and Variations

Salinity in Seawater: Density, Composition, and Variations

kyliann
Exploring Wireless Technologies and Mobile Commerce

Exploring Wireless Technologies and Mobile Commerce

rut_mac
Wireless Network Essentials and Classification

Wireless Network Essentials and Classification

aisl_373
Wireless Networks: Types and Applications

Wireless Networks: Types and Applications

jets_849
Wireless Office Docking Model for Multiple Devices

Wireless Office Docking Model for Multiple Devices

epps_eda
Evolution of 8K UHD Wireless Transfer Usage Model for Next Generation Displays

Evolution of 8K UHD Wireless Transfer Usage Model for Next Generation Displays

dedo524
Overview of External Wireless Communication System on International Space Station (ISS)

Overview of External Wireless Communication System on International Space Station (ISS)

jang395
Challenges and Solutions in Wired-Wireless TSN Configuration

Challenges and Solutions in Wired-Wireless TSN Configuration

six_bur
Game Theory Applications in Wireless Communication Networks

Game Theory Applications in Wireless Communication Networks

misa_1
Wireless Programming for Hardware Dummies: Simplifying Wireless Research in the Industry

Wireless Programming for Hardware Dummies: Simplifying Wireless Research in the Industry

ptak_h
Exploring Wireless Technologies for Datacenters

Exploring Wireless Technologies for Datacenters

wism_zh
Advanced Strategies for Wireless Communication Networks

Advanced Strategies for Wireless Communication Networks

karl_838
Wireless Communication Frequencies and Regulations

Wireless Communication Frequencies and Regulations

heer231
Enhancing Bandwidth of Channel State Information (CSI) for Wireless Sensing Applications

Enhancing Bandwidth of Channel State Information (CSI) for Wireless Sensing Applications

esneyderm
Comprehensive DevOps Security Training Overview

Comprehensive DevOps Security Training Overview

jahv_808

More Related Content